To examine the progress made between 5 January 2022 to 8 March 2022 in relation to the completion of the Internal Audit Plan for 2021/22 (report of the Head of Internal Audit enclosed).
Consideration was given to the report of the Head of Internal Audit which examined progress made between 5 January 2022 to 8 March 2022 in relation to the completion of the Internal Audit Plan for 2021/22.
The Head of Internal Audit introduced the report and highlighted the following points within the Progress Report and its appendices:
· Section 2.1 highlighted that three audits (Legal Services; Budget Sustainability Savings; and Digital Strategy) had been postponed at the request of management, the reasons predominantly being as a result of the impact of partnership working
· Section 3.1 highlighted that 63% of the Plan had been completed. A few audits had been rescheduled, but good progress was being made and all was on track to provide an opinion at the July meeting.
· Section 4.4 confirmed that three reports had been finalised and issued – Cyber Security (Reasonable Assurance); Licensing (Substantial Assurance) and Payroll (Audit Lincolnshire) (Reasonable Assurance).
· Section 4.6 advised that work on Corporate Fuel Cards had been concluded. The policy and process had been considered and no significant concerns had been raised. However, it had been requested that business intelligence be undertaken over the use of fuel and bearer cards.
· Appendix 1 provided a visual representation of progress in the completion of the agreed audit work
· Appendix 2 provided an executive summary and details on finalised reports.
· The maturity assessment of Cyber Security was in a different format to what the Committee usually received. This was a very bespoke piece of work undertaken by TIAA and a lot of insight into the review was provided. The outside line (blue) of the spider diagram at item 10 within the Summary at Appendix 2 indicated the aspirations of the Authority and PSPS around cyber security. Evidence of the current situation was shown by the green line. Further information regarding the current position against aspiration was provided in the accompanying table.
The following points were raised:
· Members raised concerns that requests for deferment due to the impact of partnership working (at section 2.1) should not become a default reason for delays.
· The Chairman commented that the spider diagram referred to was useful.
· With regard to cyber security, it would be interesting to know how PSPS’s level of cyber control compared to other contractors. In addition, why was the supply chain element not tighter than it was?
· At Appendix 2 under Issues to be Addressed (previous audit recommendations), it was stated that ‘the audit reviewed the previous internal audit recommendations, of ... view the full minutes text for item 38